Research On Several Signcryption Schemes

Confidentiality, identifiability and non-reputability are three main goals of informationsecurity. Cryptographic technologies are the key means to ensure information security, amongwhich encryption and digital signature are the most commonly used. Usually, encryption canensure the confidentiality of messages that nobody except the intended receiver can know thecontents of the ciphertext. Digital signature can provide identifiability and non-reputability thatthe receiver can identify the information of sender by verifying the message signature and thesender can not deny a signed message. With information technology gradually soaked into allareas of the human society, sole confidential communication or authenticated communicationcannot meet information security needs. And，how to transmit messages with confidentiality andauthenticity in the open and complex channel comes to be an important goal of informationsecurity research. The traditional method to achieve this aim is “signature-then-encryption”whose costs, no matter computational costs and communication overheads, are the sums of bothdigital signature and encryption.Signcryption can simultaneously fulfill both the functions of digital signature andencryption in a signal logical step, which has lower computational costs and communicationoverheads than the traditional “signature-then-encryption” method. In addition, signcryption hasone module instead of signature and encryption two modules which reduces the implementationcomplexity. Therefore, signcryption is an efficient method to transmit messages confidentiallyand authentically and comes to be one of the key technologies of ensuring information security.Based on identity-based, certificateless, and certificate-based three kinds of public keycryptosystem, this dissertation investigates the design and analysis of signcryption (includingsigncryption with special properties). The main contributions of this thesis are summarized asfollows:1．We characterize the formal definitions of a class of identity based encryption andsignature using one-way function, propose a method to construct signcryption scheme from thiskind of identity based encryption and signature schemes, and give three instances based onBoneh-Franklin encryption scheme and Paterson signature, Hess signature, Cha-Cheon signatureschemes.2．We give the complete security model for identity based generalized signcryption, proposean efficient identity based generalized signcryption scheme. Based on Weak-BDH problem wegive confidentiality proof in encryption mode and signcryption mode and unforgeability proof insignature mode and signcryption mode. We give an improved identity based online/offline signcryption scheme originally proposed by Liu et al., which can satisfy public verifiability andhas higher offline and online computation efficiency and shorter offline storage and onlineciphertext.3．In the random oracle model, we propose an efficient certificateless signcryption scheme,CLSC-I, based on the Weil pairings which satisfies weak security and two certificatelesssigncryption schemes, CLSC-II, CLSC-III, based on bilinear pairings which satisfy strongsecurity; in the standard model, we give an improved certificateless signcryption scheme, whichimproves computation efficiency and decreases the ciphertext length by2|G1|bits than theoriginal scheme proposed by Liu et al..4．We give a new cryptography model named certificateless signcryption with proxyunsigncryption as well as its formal definitions, and propose a certificateless signcryptionscheme with proxy unsigncryption and a full scheme with Bulletin Board which can abort proxyauthority even if the validity period of the proxy key hasn’t expired.5．We point out that there is weakness in two certificate based signcryption schemesproposed by Li et al. and Luo et al., give two improved schemes, CBSC-I, CBSC-II, and takingCBSC-I for example give the security proof in the random oracle. We give the first certificatebased signcryption scheme secure in the standard model, and give the security analysis instandard model based on NGBDH problem and Many-BDH problem.6．To relieve the overload of CA in certificate based cryptosystem, based on implicitcertificate by CA and self-certificate by user itself we give the concept of dual-certificate basedcryptosystem as well as formal definitions for dual-certificate based encryption and signcryption,and propose a dual-certificate based encryption scheme and signcryption scheme.